Note

  • We are distributing HDL codes of the ISO/IEC 18033-3 standard block ciphers.
  • All the documents and comments in HDL codes are written in Japanese for now.

On-chip glitchy-clock generator

  • glitchy-clock_generator.zip
    An on-chip glitchy-clock generator for the experiment of the fault attacks on SASEBO. This work is presented in COSADE 2011 [1].
    (Upload 2012/May/09)
    [1] S. Endo, T. Sugawara, N. Homma, T. Aoki, and A. Satoh, "An on-chip glitchy-clock generator and its application to safe-error attack," 2nd International Workshop on Constructive Side-channel Analysis and Secure Design - COSADE, pp. 175 - 182, Feb. 2011.

RSA

  • RSA1024_RAM.v, RSA_tb.v

    • RSA processor with the Montgomery multiplier, and its testbench.
    Note that a single-port synchronized memory in the module is replaced to a behavioral model.
    (Upload 2008/Apr/07)

  • RSASpec2007Oct11.pdf (in Japanese)

    • Specification form for RSA1024_RAM.v
    (Upload 2008/Apr/07)

JWIS2007

  • JWIS2007.zip

    • HDL codes of the ISO/IEC 18033-3 standard block ciphers. They were used for the performance evaluation in [1]. The zip file contains 10 implementations for 6 algorithms (AES, Camellia, SEED, CAST-128, MISTY1, TDEA).

    [1] T. Sugawara, N. Homma, T. Aoki and A. Satoh, "ASIC Performance Comparison for the ISO Standard Block Ciphers," The 2nd Joint Workshop on Information Security (JWIS2007), August 2007.

DES

  • DES_ECB.v, DES_TB.v

    • DES encryption/decryption circuit and its testbench.
    (Update 2007/Sep/25)

  • DESSpec2007Sep25.pdf

    • Specification form for DES_ECB.v
    (Update 2007/Sep/25)

  • DES_ECB_Akkar.v

    • DES encryption/decryption circuit with a DPA (Differential Power Analysis) / SPA (Simple Power Analysis) countermeasure [1] where a plaintext/ciphertext is masked by a rundom number.
    This sample code uses a constant 0x123456789abcdef as a rundom number after the IP operation.
    [1] M. Akkar, C. Giraud, "An Implementation of DES and AES, Secure against Some Attacks", CHES2001

  • TDEA.v, TDEA_tb.v

    • TDEA (a.k.a. Triple-DES) encryption/decryption circuit
    (Update 2007/Sep/25)

  • TDEASpec2007Sep25.pdf

    • Specification form for DES_ECB.v
    (Update 2007/Sep/25)

AES

  • AES.v, AES_TB.v

    • AES encryption/decryption circuit and its testbench.
    The key length is limited to 128 bits.

  • AES_Comp.v, AES_TBL.v, AES_PPRM1.v, AES_PPRM3.v, and AES_ENC_TB.v

    • AES encryption/decryption circuits and their testbench.
    S-boxes are implemented based on Composite field, LUT, ANF (Arithmetic Normal Form), and 3-stage PPRM in AES_Comp.v, AES_TBL.v, AES_PPRM1.v, AES_PPRM3.v, respectively. AES_Comp.v supports both encryption and decryption, while others support only encryption.
    The key length is limited to 128 bits.
    (Update 2007/Oct/04)

  • AESSpec2007Sep25.pdf

    • Specification form for AES2.v
    (Update 2007/Sep/25)

Camellia

  • Camellia.v, Camellia_tb.v

    • Camellia encryption/decryption circuit and its testbench.
    The key length is limited to 128 bits.
    (Update 2007/Sep/25)

  • CamelliaSpec2007Sep25.pdf

    • Specification form for Camellia.v (Draft version)
    (Update 2007/Sep/25)

SEED

  • SEED_1clk.v, SEED_1clk_tb.v

    • SEED encryption/decryption circuit and its testbench.
    The key length is limited to 128 bits.
    (Update 2007/Sep/25)

  • SEEDSpec2007Sep25.pdf

    • Specification form for SEED_1clk.v (Draft version)
    (Update 2007/Sep/25)

MISTY1

CAST-128

page top